On Macs running the latest version of High Sierra, it appears that anyone can log in just by putting “root” in the user name field in a certain place. This is a huge, huge problem. Do not leave your Mac unattended until this is resolved.



At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click “Other,” and then enter “root” again with no password. This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

Discussion

Source: [H]ardOCP – Major macOS High Sierra Bug Allows Full Admin Access without Password